A system of data integrity should include the following controls:
Control 1 | No one individual should have complete control over all key processing functions for any financial transaction. These functions include:
If insufficient personnel within the unit make it necessary for one person to perform all of these functions, the unit must assign a second person to review the work for accuracy, timeliness and integrity. |
---|---|
Control 2 | Ensure that all employees who prepare financial transactions provide adequate descriptions, explanations and backup documentation sufficient to support post-authorization review and any internal or external audit. |
Control 3 | Keep "office of record" documents (both forms and paperless transactions) physically secure and readily retrievable. These documents must be retained for the periods specified in the University Records Disposition Schedules Manual. |
Control 4 | Ensure that staff reconcile transactions appearing on the general ledger at the end of each accounting period. All transactions must be verified for:
All reconciliations must be performed in a timely manner. |
Control 5 | Use exception reporting, variance analysis and other mechanisms to monitor, review and reconcile financial activity to ensure that:
|
Control 6 | Encourage all employees to report any breakdown or compromise in the unit's data integrity without fear of reprisal. |
For further information, contact Audit and Advisory Services.